Ivanti Avalanche Multiple RCE Vulnerabilities - 20240418004¶
Overview¶
The WA SOC has been made aware of 27 fixes released by Ivanti for various reported vulnerabilities in its 2024 first-quarter release. Ivanti has expressed they are not aware of any exploitation of these vulnerabilities at the time of disclosure.
What is vulnerable?¶
- Any version of Avalanche before version 6.4.3.
| CVE | Description | CVSS | Vector | |
|---|---|---|---|---|
| CVE-2024-22061 | A Heap Overflow vulnerability in WLInfoRailService before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | 8.1 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-23526 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | |
| CVE-2024-23527 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | |
| CVE-2024-23528 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | |
| CVE-2024-23529 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | |
| CVE-2024-23530 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | |
| CVE-2024-23531 | An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory. | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |
| CVE-2024-23533 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory. | 4.3 | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | |
| CVE-2024-23532 | An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution. | 7.5 | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-23534 | An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-23535 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-24991 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | 6.5 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | |
| CVE-2024-24992 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-24993 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-24994 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-24995 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-24996 | A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-24997 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-24998 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-24999 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-25000 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-27975 | An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-27976 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |
| CVE-2024-27977 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | 7.1 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | |
| CVE-2024-27978 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | 6.5 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | |
| CVE-2024-27984 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. | 7.1 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | |
| CVE-2024-29204 | A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | 9.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):
- It is highly recommended to update to Avalanche version 6.4.3 or later: Download